Explorer.exe connects to Microsoft and it sends back unique code and stuff

Ok, I have seen earlier threads about this explorer.exe contacting microsoft.com. I was just talking about scvhost.exe contacting who knows what with https in an earlier thread, but then I hit F3 (search) and saw explorer.exe trying to contact microsoft.com.

I decided to look with wireshark (packet sniffing) what it is doing and I found out the following. Im not saying its a BAD thing what explorer.exe is doing, but I wanted to see what its doing.
(Im using winxp 64)

Explorer.exe sent following information from my computer to microsoft:

It first sends some stuff back and forth that i dont paste because its probably not important.
After that it sends 74 bytes. I dont understand what it sends, its some weird stuff.

After that, explorer.exe sends new data to microsoft with the size of 198 bytes. The beginning of this data is the same as the 74bytes sent in earlier messages (includes my motherboards network cards mac with the word "Asustek" and also my routers mac, with the word "cisco"......and other stuff.

The X character was numbers and Y was letters but I dont want to display what it was incase it was some identification code and not a real "etag".

(mac addresses do get sent in tcp/ip but im not sure why they are in these messages)

I have 2 other local ip:s in my computer because of VMWARE. Well, explorer.exe also sent some stuff to microsoft with their ips, part of the "Name query NBSTAT" (in screenshot).

The xml and xsl file requests came from my local lan 192.168.1.101 but it also used vmwares nic:s 192.168.81.1 and 192.168.31.1 to send stuff. I dont know how or why it does this because they should be controlled by vmware but I guess there is a logical answer.

I think it only sent microsoft the info that I have those 2 nics in my computer too.

heres screenshot from wireshark that does not show the detail window but it shows the overview windowhttp://i53.tinypic.com/6fxoj4.jpg
(the row that says ignored was ignored by accident but it had the same stuff)

What is this? Somekinda joke? Well, at least my computer was a "HTTP/1.1 304 Not Modified" that got a 18 character long "ETAG" that according to wikipedia could be used as a replacement for a tracking cookie even if the ETAG wasn't originally created for that use. Cooool!!

Is this an innocent looking feature that isn't explained anywhere by Microsoft or is it somekinda malevolent borg hive mind thing?

it is quite easy to do the packet sniffing. In first window click your local NIC that is connected to internet and then it shows all connections going. I suggest you stop all web browsing and other programs so it wont flood the window. Remove explorer.exe from your firewalls blocked list if it was blocked, then open my computer and hit F3, it should provoke explorer.exe to contact hive mind, I mean sa.windows.com

What could this be....? in earlier threads, people mostly say how to block it, not what it is or does.

edit: Seems its not sending mac address, it was only shown on wireshark and it was hard to read.

What you're seeing is default behaviour for Explorer. It's actually part of the Windows search service and the communication you're seeing is, what used to be called, the Windows Search Assistant, updating itself.